Basic information
Project name: gopeak/masterlab
Repository URL: https://github.com/pterodactyl/panel
Scan report URL: https://www.murphysec.com/console/report/1718312041398976512/1718312042741153792
This report is provided by Murphysec
Vulnerability list
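| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| Lcobucci jwt data forgery vulnerability | Insufficient verification of data authenticity | MPS-2021-31875 | CVE-2021-41106 | Low |
| PHPMailer code issue vulnerability | Arbitrary file upload | MPS-2021-8272 | CVE-2021-34551 | High |
| PHPMailer security vulnerability | Inclusion of functionality from untrusted control sphere | MPS-2021-8645 | CVE-2021-3603 | High |
| PSR-7 Message Implementation validation error vulnerability | Insufficient verification of data authenticity | MPS-2022-3742 | CVE-2022-24775 | High |
| PSR-7 Message Implementation security vulnerability | Interpretation conflict | MPS-2023-9403 | CVE-2023-29197 | High |
| Laminas Project diactoros denial-of-service vulnerability | Denial of service | MPS-2023-9897 | CVE-2023-29530 | Medium |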
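Vulnerable components
| Component name | Version | Minimum fixed version | Dependency relationship | Fix recommendation |
|---|---|---|---|---|
| phpmailer/phpmailer | v6.5 | 6.5.0 | Indirect dependency | Fix recommended |
| guzzlehttp/psr7 | 1.6.1 | 1.9.1 | Indirect dependency | Fix recommended |
| lcobucci/jwt | 3.3.0 | 3.4.6 | Indirect dependency | Optional fix |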
License risk
| License type | Related components | License risk |
|---|---|---|
| BSD-3-Clause | 28 | Low |
| MIT | 80 | Low |
| LGPL-2.1 | 3 | Medium |
| LGPL-2.0 | 2 | Medium |
| BSD-2-Clause | 1 | Low |
| BSD-4-Clause | 1 | Low |
| Unlicense | 1 | Low |
SBOM list
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| phpunit/php-file-iterator | ^1.4.2 | Indirect dependency | composer |
| doctrine/inflector | 1.3.1 | Indirect dependency | composer |
| sebastian/global-state | ^2.0 | Indirect dependency | composer |
| sebastian/environment | ^3.1 | Indirect dependency | composer |
| myclabs/php-enum | ^1.5 | Indirect dependency | composer |
| symfony/polyfill-ctype | ^1.8 | Indirect dependency | composer |
| symfony/options-resolver | ^2.7\|^3.0\|^4.0 | Indirect dependency | composer |
| phar-io/manifest | ^1.0.1 | Indirect dependency | composer |
| phpunit/php-file-iterator | ^1.4.3 | Indirect dependency | composer |
| guzzlehttp/psr7 | ^1.6.1 | Indirect dependency | composer |
| tightenco/collect | ~5.0\|~6.0 | Indirect dependency | composer |
| psr/container | ^1.0 | Indirect dependency | composer |
| symfony/event-dispatcher-contracts | ^1.1 | Indirect dependency | composer |
| sebastian/recursion-context | ^3.0 | Indirect dependency | composer |
| phar-io/version | ^1.0 | Indirect dependency | composer |
| doctrine/instantiator | ^1.0.5 | Indirect dependency | composer |
| maennchen/zipstream-php | ^2.1 | Indirect dependency | composer |
| composer-plugin-api | ^1.1 \|\| ^2.0 | Indirect dependency | composer |
| psr/log | ^1.0.0 | Indirect dependency | composer |
| phpoffice/phpspreadsheet | 1.16.0 | Indirect dependency | composer |
| symfony/polyfill-intl-normalizer | ~1.0 | Indirect dependency | composer |
| phpunit/php-timer | ^2.0 | Indirect dependency | composer |
| lasserafn/php-initials | 3.0 | Indirect dependency | composer |
| markbaker/complex | ^1.5\|\|^2.0 | Indirect dependency | composer |
| sebastian/recursion-context | ^1.0\|^2.0\|^3.0\|^4.0 | Indirect dependency | composer |
| ralouphie/getallheaders | 3.0.3 | Indirect dependency | composer |
| sebastian/comparator | ^1.2.3\|^2.0\|^3.0\|^4.0 | Indirect dependency | composer |
| psr/simple-cache | ^1.0 | Indirect dependency | composer |
| phpunit/php-code-coverage | ^6.0 | Indirect dependency | composer |
| phpunit/php-text-template | ^1.2.1 | Indirect dependency | composer |
| markbaker/complex | 1.4.7 | Indirect dependency | composer |
| symfony/polyfill-php80 | ^1.15 | Indirect dependency | composer |
| endroid/installer | ^1.0.3 | Indirect dependency | composer |
| symfony/polyfill-intl-normalizer | ^1.10 | Indirect dependency | composer |
| symfony/var-dumper | ^3.4 \|\| ^4.0 \|\| ^5.0 | Indirect dependency | composer |
| sebastian/diff | ^3.0 | Indirect dependency | composer |
| guzzlehttp/psr7 | ~1.1 | Indirect dependency | composer |
| theseer/tokenizer | ^1.1 | Indirect dependency | composer |
| endroid/qr-code | 3.4.0 | Indirect dependency | composer |
| symfony/property-access | ^2.7\|^3.0\|^4.0 | Indirect dependency | composer |
| ezyang/htmlpurifier | ^4.13 | Indirect dependency | composer |
| dragonmantank/cron-expression | 3.0 | Indirect dependency | composer |
| guzzlehttp/psr7 | ~1.1 \|\| ^2.0 | Indirect dependency | composer |
| sebastian/code-unit-reverse-lookup | ^1.0.1 | Indirect dependency | composer |
| sebastian/object-enumerator | ^3.0.3 | Indirect dependency | composer |
| doctrine/instantiator | ^1.0.2 | Indirect dependency | composer |
| symfony/event-dispatcher | 4.4.6 | Indirect dependency | composer |
| intervention/image | 2.5.1 | Indirect dependency | composer |
| overtrue/pinyin | 4.0.5 | Indirect dependency | composer |
| symfony/deprecation-contracts | ^2.1 | Indirect dependency | composer |
| khanamiryan/qrcode-detector-decoder | ^1.0.2 | Indirect dependency | composer |
| katzgrau/klogger | v1.2.1 | Indirect dependency | composer |
| sebastian/version | ^2.0.1 | Indirect dependency | composer |
| lcobucci/jwt | 3.3.0 | Indirect dependency | composer |
| phpspec/prophecy | ^1.7 | Indirect dependency | composer |
| psr/simple-cache | ~1.0 | Indirect dependency | composer |
| doctrine/dbal | 2.13.2 | Indirect dependency | composer |
| markbaker/matrix | ^1.2\|\|^2.0 | Indirect dependency | composer |
| webmozart/assert | ^1.9.1 | Indirect dependency | composer |
| symfony/polyfill-mbstring | ~1.0 | Indirect dependency | composer |
| symfony/polyfill-intl-grapheme | ~1.0 | Indirect dependency | composer |
| symfony/polyfill-intl-idn | ^1.11 | Indirect dependency | composer |
| doctrine/deprecations | ^0.5.3 | Indirect dependency | composer |
| symfony/yaml | 4.4.7 | Indirect dependency | composer |
| myclabs/deep-copy | ^1.6.1 | Indirect dependency | composer |
| psr/http-factory | ^1.0 | Indirect dependency | composer |
| phpdocumentor/reflection-common | ^2.2 | Indirect dependency | composer |
| phpdocumentor/reflection-docblock | ^2.0\|^3.0.2\|^4.0\|^5.0 | Indirect dependency | composer |
| phpmailer/phpmailer | v6.5 | Indirect dependency | composer |
| symfony/polyfill-mbstring | ^1.0 | Indirect dependency | composer |
| guzzlehttp/psr7 | 1.6.1 | Indirect dependency | composer |
| lasserafn/php-string-script-language | 0.1 | Indirect dependency | composer |
| bacon/bacon-qr-code | ^1.0.3 | Indirect dependency | composer |
| phpdocumentor/type-resolver | ^1.3 | Indirect dependency | composer |
| symfony/polyfill-php80 | ~1.15 | Indirect dependency | composer |
| meyfa/php-svg | v0.9.1 | Indirect dependency | composer |
| markbaker/matrix | 1.1.4 | Indirect dependency | composer |
| sebastian/resource-operations | ^1.0 | Indirect dependency | composer |
| twig/twig | 2.15.3 | Indirect dependency | composer |
| sebastian/comparator | ^2.1 | Indirect dependency | composer |
| phpunit/php-token-stream | ^3.0 | Indirect dependency | composer |
| psr/http-message | ^1.0 | Indirect dependency | composer |
| doctrine/event-manager | 1.1.0 | Indirect dependency | composer |
| phpdocumentor/reflection-common | 2.2.0 | Indirect dependency | composer |
| lasserafn/php-initial-avatar-generator | 4.1 | Indirect dependency | composer |
| php-curl-class/php-curl-class | v7.3.0 | Indirect dependency | composer |
| psr/simple-cache | 1.0.1 | Indirect dependency | composer |
| guzzlehttp/promises | ^1.0 | Indirect dependency | composer |
| symfony/polyfill-ctype | ~1.8 | Indirect dependency | composer |
| doctrine/cache | ^1.0\|^2.0 | Indirect dependency | composer |
| hornet/framework | v1.0.9 | Indirect dependency | composer |
| symfony/polyfill-mbstring | ^1.3 | Indirect dependency | composer |
| symfony/finder | ~3.0\|~4.0 | Indirect dependency | composer |
| illuminate/contracts | ~5.0\|~6.0 | Indirect dependency | composer |
| doctrine/event-manager | ^1.0 | Indirect dependency | composer |
| phar-io/version | ^1.0.1 | Indirect dependency | composer |
| ralouphie/getallheaders | ^2.0.5 \|\| ^3.0.0 | Indirect dependency | composer |
| gregwar/captcha | v1.1.5 | Indirect dependency | composer |
| psr/http-message | 1.0.1 | Indirect dependency | composer |
| sebastian/diff | ^2.0 \|\| ^3.0 | Indirect dependency | composer |
| adldap2/adldap2 | 10.2 | Indirect dependency | composer |
| psr/http-client | ^1.0 | Indirect dependency | composer |
| guzzlehttp/guzzle | 6.5.8 | Indirect dependency | composer |
| phpunit/phpunit-mock-objects | ^6.0 | Indirect dependency | composer |
| sebastian/object-reflector | ^1.1.1 | Indirect dependency | composer |
| psr/http-message | ~1.0 | Indirect dependency | composer |
| symfony/string | ~5.1.10\|^5.2.1 | Indirect dependency | composer |
| symfony/inflector | ^3.4\|^4.0\|^5.0 | Indirect dependency | composer |
| doctrine/cache | ^1.0 | Indirect dependency | composer |
| sebastian/exporter | ^3.1 | Indirect dependency | composer |
| symfony/string | ^5.2.8 | Indirect dependency | composer |
| psr/log | ~1.0 | Indirect dependency | composer |
| symfony/polyfill-php72 | ^1.10 | Indirect dependency | composer |